Marc R. Schoolderman

Note: this is an edge case that we discussed very early on and were considering leaving out (unless we find a sudoers file out there that does this). Essentially you...

Postponing a decision on this to Milestone 3 (when we may implement more introspection in the sudoers file); but I suspect this may end up becoming a `wontfix`.

Interestingly, original sudo doesn't seem to allow ip addresses as usernames: ``` /etc/sudoers:63:1: syntax error 196.171.231.23 ALL=() PASSWD: /bin/whoami ^~~~~~~~~~~~~~ ```

Note: we are working on this issue; you can check out the branch [ubuntu-build](https://github.com/memorysafety/sudo-rs/tree/ubuntu-build) is buildable with rustc on Ubuntu 22.04 LTS. One commit in it is no longer needed...

Update on this issue: - the MSRV for sudo-rs (1.70) is enforced in CI, and we are holding it there for the moment - [ubuntu-build](https://github.com/memorysafety/sudo-rs/tree/ubuntu-build) is still available for compiling...

Note: since (as I'm writing this today) `rustc` 1.70 is in Debian unstable, and in fact `sudo-rs` is in Debian experimental, I think we are now firmly detached from a...

I've consulted with "upstream" about this issue. If it turns out that this special interpretation of negation is an important feature of aliases, I think we can implement it by--after...

Forgot to report back on this issue: Todd thinks our behaviour is reasonable here (and unlikely to have an impact on real-world sudoers files). I think the proper fix here...

There is a snag, e.g. ``` User_Alias FOO = !ghost ALL, FOO host = ALL ``` Would allow everybody except `ghost` to run something in ogsudo, but would allow everyone...

Here is a list of applicable sudo advisories where we manually decided that we are secure: Environment-related (we are secure since we force `env_reset`) - [ ] https://www.sudo.ws/security/advisories/bash_functions/ - [...